Before you read any of this, just know that it’s perfectly possible to mix and match Wolverine.HTTP, MVC Core controllers, and Minimal API endpoints in the same application.
If you’ve built ASP.NET Core applications of any size, you’ve probably run into the same friction: MVC controllers that balloon with constructor-injected dependencies, or Minimal API handlers that accumulate scattered app.MapGet(...) calls across multiple files. And if you’ve reached for a Mediator library to impose some structure, you’ve added a layer of abstraction that — while familiar — brings its own ceremony and a seam that can make unit testing harder than it should be.
Wolverine.HTTP is a different model. It’s a first-class HTTP framework built on top of ASP.NET Core that’s designed from the ground up for vertical slice architecture, has built-in transactional outbox support, and delivers a middleware story that is arguably more powerful than IEndpointFilter. And it doesn’t need a separate “Mediator” library because the Wolverine HTTP endpoints very naturally support a “Vertical Slice” style without so many moving parts as the average “check out my vertical slice architecture template!” approach online.
Moreover, Wolverine.HTTP has first class support for resilient messaging through Wolverine’s transactional outbox and asynchronous messaging. No other HTTP endpoint library in .NET has any such smooth integration.
What Is Vertical Slice Architecture?
The core idea is organizing code by feature rather than by technical layer. Instead of a Controllers/ folder, a Services/ folder, and a Repositories/ folder that all have to be navigated to understand one feature, you co-locate everything that belongs to a single use case: the request type, the handler, and any supporting types.
The payoff is locality. When a bug is filed against “create order”, you open one file. When a feature is deleted, you delete one file. There’s no hunting across layers.
Wolverine.HTTP is a natural fit for this style. A Wolverine HTTP endpoint is just a static class — no base class, no constructor injection, no framework coupling. The framework discovers it by scanning for [WolverineGet], [WolverinePost], [WolverinePut], [WolverineDelete], and [WolverinePatch] attributes.
And because of the world we live in now, I have to mention that there is already plenty of anecdotal evidence that AI assisted coding works better with the “vertical slice” approach than it does against heavily layered approaches.
Getting Started
Install the NuGet package:
dotnet add package WolverineFx.Http
Wire it up in Program.cs:
var builder = WebApplication.CreateBuilder(args);builder.Host.UseWolverine();builder.Services.AddWolverineHttp();var app = builder.Build();app.MapWolverineEndpoints();return await app.RunJasperCommands(args;
A Complete Vertical Slice
Here’s what a full feature slice looks like with Wolverine.HTTP. Request type, response type, and handler all in one place:
// The requestpublic record CreateTodo(string Name);// The responsepublic record TodoCreated(int Id);// The handler — a plain static class, no base class requiredpublic static class CreateTodoEndpoint{ [WolverinePost("/todoitems")] public static async Task<IResult> Post( CreateTodo command, IDocumentSession session) // injected by Wolverine from the IoC container { var todo = new Todo { Name = command.Name }; session.Store(todo); return Results.Created($"/todoitems/{todo.Id}", todo); }}
Compare that to what this would look like in MVC Core with a service layer and constructor injection. The Wolverine version is shorter, has no framework coupling in the handler method itself, and every dependency is explicit in the method signature. There’s no hidden state, and the method is trivially unit-testable in isolation.
For reading data, it’s even cleaner:
public static class TodoEndpoints{ [WolverineGet("/todoitems")] public static Task<IReadOnlyList<Todo>> Get(IQuerySession session) => session.Query<Todo>().ToListAsync(); [WolverineGet("/todoitems/{id}")] public static Task<Todo?> GetTodo(int id, IQuerySession session, CancellationToken cancellation) => session.LoadAsync<Todo>(id, cancellation); [WolverineDelete("/todoitems/{id}")] public static void Delete(int id, IDocumentSession session) => session.Delete<Todo>(id);}
No controller. No service interface. No repository abstraction. Just the feature.
No Separate Mediator Needed
One of the most common patterns in .NET vertical slice architecture is using a Mediator library like MediatR to dispatch commands from controllers to handlers. Wolverine makes this unnecessary — it handles both HTTP routing and in-process message dispatch with the same execution pipeline.
If you’re coming from MediatR, the key difference is that there’s no IRequest<T> base type to implement, no IRequestHandler<TRequest, TResponse> to wire up, and no _mediator.Send(command) call to thread through your controllers. The HTTP endpoint is the handler. When you also want to dispatch a message for async processing, you just return it from the method (more on that below).
See our converting from MediatR guide for a detailed side-by-side comparison.
If you’re coming from MVC Core controllers or Minimal API, we have migration guides for both:
The Outbox: The Feature That Changes Everything
Here is where Wolverine.HTTP really pulls ahead. In any event-driven architecture, HTTP endpoints frequently need to do two things atomically: save data to the database and publish a message or event. If you do these as two separate operations and something crashes between them, you’ve lost a message — or worse, written corrupted state.
The standard solution is a transactional outbox: write the message to the same database transaction as the data change, then have a background process deliver it reliably.
With plain IMessageBus in a Minimal API handler, you’re responsible for the outbox mechanics yourself. With Wolverine.HTTP, the outbox is automatic. Any message returned from an endpoint method is enrolled in the same transaction as the handler’s database work.
The simplest pattern uses tuple return values. Wolverine recognizes any message types in the return tuple and routes them through the outbox:
public static class CreateTodoEndpoint{ [WolverinePost("/todoitems")] public static (Todo todo, TodoCreated created) Post( CreateTodo command, IDocumentSession session) { var todo = new Todo { Name = command.Name }; session.Store(todo); // Both the HTTP response (Todo) and the outbox message (TodoCreated) // are committed in the same transaction. No message is lost. return (todo, new TodoCreated(todo.Id)); }}
The Todo becomes the HTTP response body. The TodoCreated message goes into the outbox and is delivered durably after the transaction commits. The database write and the message write are atomic — no coordinator needed.
If you need to publish multiple messages, use OutgoingMessages:
[WolverinePost("/orders")]public static (OrderCreated, OutgoingMessages) Post(CreateOrder command, IDocumentSession session){ var order = new Order(command); session.Store(order); var messages = new OutgoingMessages { new OrderConfirmationEmail(order.CusmerId), new ReserveInventory(order.Items), new NotifyWarehouse(order.Id) }; return (new OrderCreated(order.Id), messages);}
All four database and message operations commit together. This is the kind of correctness that is genuinely difficult to achieve with raw IMessageBus calls in Minimal API, and it comes for free in Wolverine.HTTP.
Middleware: Better Than IEndpointFilter
ASP.NET Core Minimal API introduced IEndpointFilter as its extensibility hook — a way to run logic before and after an endpoint handler. It works, but it has a few rough edges: you write a class that implements an interface with a single InvokeAsync method that receives an EndpointFilterInvocationContext, and you have to dig values out by index or type from the context object. It’s not especially readable, and composing multiple filters is verbose.
Wolverine.HTTP’s middleware model is different. Middleware is just a class with Before and After methods that can take any of the same parameters the endpoint handler can take — including the request body, IoC services, HttpContext, and even values produced by earlier middleware. Wolverine generates the glue code at compile time (via source generation), so there’s no runtime reflection and no boxing.
Here’s a stopwatch middleware that times every request:
public class StopwatchMiddleware{ private readonly Stopwatch _stopwatch = new(); public void Before() => _stopwatch.Start(); public void Finally(ILogger logger, HttpContext context) { _stopwatch.Stop(); logger.LogDebug( "Request for route {Route} ran in {Duration}ms", context.Request.Path, _stopwatch.ElapsedMilliseconds); }}
A middleware method can also return IResult to conditionally stop the request. If the returned IResult is WolverineContinue.Result(), processing continues. Anything else — Results.Unauthorized(), Results.NotFound(), Results.Problem(...) — short-circuits the handler and writes the response immediately:
public class FakeAuthenticationMiddleware{ public static IResult Before(IAmAuthenticated message) { return message.Authenticated ? WolverineContinue.Result() // keep going : Results.Unauthorized(); // stop here }}
This same pattern powers Wolverine’s built-in FluentValidation middleware — every validation failure becomes a ProblemDetails response with no boilerplate in the handler itself.
The IHttpPolicy interface lets you apply middleware conventions across many endpoints at once:
public class RequireApiKeyPolicy : IHttpPolicy{ public void Apply(IReadOnlyList<HttpChain> chains, GenerationRules rules, IServiceContainer container) { foreach (var chain in chains.Where(c => c.Method.Tags.Contains("api"))) { chain.Middleware.Insert(0, new MethodCall(typeof(ApiKeyMiddleware), nameof(ApiKeyMiddleware.Before))); } }}
Policies are registered during bootstrapping:
app.MapWolverineEndpoints(opts =>{ opts.AddPolicy<RequireApiKeyPolicy>();})
ASP.NET Core Middleware: Everything Still Works
Wolverine.HTTP is built on top of ASP.NET Core, not around it. Every piece of standard ASP.NET Core middleware works exactly as you’d expect — Wolverine endpoints are just routes in the middleware pipeline.
Authentication and Authorization work via the standard [Authorize] and [AllowAnonymous] attributes:
public static class OrderEndpoints{ [WolverineGet("/orders")] [Authorize] public static Task<IReadOnlyList<Order>> GetAll(IQuerySession session) => session.Query<Order>().ToListAsync(); [WolverinePost("/orders")] [Authorize(Roles = "admin")] public static (Order, OrderCreated) Post(CreateOrder command, IDocumentSession session) { // ... }}
You can also require authorization on a set of routes at bootstrapping time:
app.MapWolverineEndpoints(opts =>{ opts.ConfigureEndpoints(chain => { chain.Metadata.RequireAuthorization(); });});
Output caching via [OutputCache]:
[WolverineGet("/products/{id}")][OutputCache(Duration = 60)]public static Task<Product?> Get(int id, IQuerySession session) => session.LoadAsync<Product>(id)
Rate limiting via [EnableRateLimiting]:
builder.Services.AddRateLimiter(options =>{ options.AddFixedWindowLimiter("per-user", opt => { opt.PermitLimit = 100; opt.Window = TimeSpan.FromMinutes(1); }); options.RejectionStatusCode = 429;});app.UseRateLimiter();// In your endpoint class:[WolverinePost("/api/orders")][EnableRateLimiting("per-user")]public static (Order, OrderCreated) Post(CreateOrder command, IDocumentSession session){ // ...}
The UseRateLimiter() call in the pipeline hooks standard ASP.NET Core rate limiting middleware, and the [EnableRateLimiting] attribute wires up the policy exactly as it does for Minimal API or MVC — no Wolverine-specific configuration required.
OpenAPI / Swagger Support
Wolverine.HTTP integrates with Swashbuckle and the newer Microsoft.AspNetCore.OpenApi package. Endpoints are discovered as standard ASP.NET Core route metadata, so Swagger UI works out of the box. You can use [Tags], [ProducesResponseType], and [EndpointSummary] to enrich the generated spec:
[Tags("Orders")][WolverinePost("/api/orders")][ProducesResponseType<Order>(201)][ProducesResponseType(400)]public static (CreationResponse<Guid>, OrderStarted) Post(CreateOrder command, IDocumentSession session){ // ...}
Summary
Wolverine.HTTP gives you a cleaner foundation for vertical slice architecture in .NET:
- No Mediator library needed — Wolverine handles both HTTP routing and in-process dispatch in the same pipeline
- Discoverability built in for vertical slices — which is an advantage over Minimal API + Mediator style “vertical slices”
- Lower ceremony than MVC controllers — static classes, method injection, no base types
- Built-in outbox — messages returned from endpoints commit atomically with the database transaction
- Better middleware than
IEndpointFilter—Before/Aftermethods with full dependency injection andIResultfor conditional short-circuiting - Full ASP.NET Core compatibility — authentication, authorization, rate limiting, output caching, and all other middleware work without changes
If you’re starting a new project or looking to reduce complexity in an existing one, Wolverine.HTTP is worth a close look.
Further reading:
The Shade Tree Developer 